Closed ports and connection tracking
Geoff
Guest
Posted: Fri Jan 21, 2005 9:13 pm    Post subject: Closed ports and connection tracking

OK, I am taking baby-steps in trying to get a better understanding of
protocols and firewalls. At present it is more important that I learn
than that I get a "recipe".

Say I want to block new tcp connections from the outside. I create filter
rules:

iptables -P INPUT DROP    # default policy: anything no rule accepts is dropped

iptables -A INPUT --proto tcp -m state --state NEW -j REJECT    # new inbound TCP connections are refused

iptables -A INPUT --proto tcp -m state --state ESTABLISHED,RELATED -j ACCEPT    # replies to this host's own connections are allowed

I see some dropped packets which are a result of my [SYN] receiving a
[RST,ACK] response - which I believe (am I wrong?) means that the port is
closed.

Presumably, therefore, [RST,ACK] does not create an ESTABLISHED state even
though packets have travelled in both directions, albeit not giving rise
to a transfer of any payload(?)

Presumably also, my application should receive the [RST,ACK] so that it
will know that the port is closed and stop pestering the host(?) The DROP
is therefore inappropriate?

If the above is right, what rule would achieve my object?

Geoff
Posted: Wed Jan 26, 2005 5:10 am    Post subject: Re: Closed ports and connection tracking

Geoff wrote:

Quote:
Say I want to block new tcp connections from the outside. I create filter
rules:

iptables -P INPUT DROP    # default policy: anything no rule accepts is dropped

iptables -A INPUT --proto tcp -m state --state NEW -j REJECT    # new inbound TCP connections are refused

iptables -A INPUT --proto tcp -m state --state ESTABLISHED,RELATED -j ACCEPT    # replies to this host's own connections are allowed

I see some dropped packets which are a result of my [SYN] receiving a
[RST,ACK] response - which I believe (am I wrong?) means that the port is
closed.

All of your TCP ports should send a RST. Everything else will be
dropped.

Quote:
Presumably, therefore, [RST,ACK] does not create an ESTABLISHED state even
though packets have travelled in both directions, albeit not giving rise
to a transfer of any payload(?)

There was no "handshake", therefore nothing was established.

Quote:
Presumably also, my application should receive the [RST,ACK] so that it
will know that the port is closed and stop pestering the host(?) The DROP
is therefore inappropriate?

You are rejecting TCP connects. The drop rule only applies to other
protocols.

Quote:
If the above is right, what rule would achieve my object?

There are many schools of thought on "dropping" vs. "rejecting". I
personally reject IDENT and drop most everything else.
All times are GMT
Powered by phpBB
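An added example, not code from either post, that puts the two posts' points into one INPUT chain: the stateful ordering Geoff's rules aim at (replies to the host's own connections are accepted before any rule that looks at NEW traffic, so an inbound [RST,ACK] answering this host's [SYN] is matched in the reply direction of an existing conntrack entry and reaches the application) and the "reject IDENT, drop most everything else" policy Micheal describes. The function names (build_input_rules, build_input_rules_reject_tcp, rule_position) and the dry-run convention through the IPT variable are my own assumptions; the matches are the same -m state ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: IPT defaults to
# "echo iptables", so the commands are printed instead of installed.
# Run with IPT=iptables as root to apply them for real.
IPT="${IPT:-echo iptables}"

# Emit a stateful INPUT chain. Order matters: replies to this host's own
# connections are accepted before any NEW-connection rule is consulted, so a
# [RST,ACK] that answers an outbound [SYN] never reaches a REJECT rule and the
# connecting application sees the reset. A reply that conntrack cannot match to
# any entry is INVALID (not ESTABLISHED) and is dropped silently.
build_input_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
    # IDENT (tcp/113): answer with a RST so remote mail/IRC servers that probe
    # it fail immediately instead of waiting on a silent drop ("reject IDENT").
    $IPT -A INPUT -p tcp --dport 113 -m state --state NEW -j REJECT --reject-with tcp-reset
    # Every other NEW packet falls through to the DROP policy
    # ("drop most everything else").
}

# Variant for a host that wants every closed TCP port to look closed rather
# than filtered: new TCP gets a RST, everything else still drops silently.
build_input_rules_reject_tcp() {
    build_input_rules
    $IPT -A INPUT -p tcp --syn -m state --state NEW -j REJECT --reject-with tcp-reset
}

# Check helper for the dry-run output: 1-based position of the first emitted
# command containing the pattern, or 0 if no command matches.
rule_position() {   # $1 = emitted commands, $2 = grep pattern
    n=$(printf '%s\n' "$1" | grep -n -e "$2" | head -n 1 | cut -d: -f1)
    [ -n "$n" ] && echo "$n" || echo 0
}

# Stand-alone run: print (or, with IPT=iptables, install) the stricter variant.
build_input_rules_reject_tcp
```

Run as-is the script only prints the iptables commands; with IPT=iptables it applies them and needs root. If the dropped [RST,ACK] packets from the question persist with this ordering, the INVALID rule's counter in `iptables -L INPUT -v` shows whether the kernel's TCP tracker is classifying those resets as INVALID rather than as replies to the tracked SYN.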